AI Component

Framework

AI/ML frameworks (LangChain, PyTorch, TensorFlow, etc.) are the foundational libraries for building AI applications. Vulnerabilities here have wide blast radius due to high adoption.

1220

Total CVEs

Pages

Page 32 of 61

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2024-2928	MLflow: URI fragment LFI exposes arbitrary files	mlflow	7.5
MEDIUM	CVE-2024-3099	MLflow: URL encoding bypass enables model poisoning	mlflow	5.4
HIGH	CVE-2024-27134	MLflow: local privilege escalation via spark_udf ToCToU	mlflow	7.0
MEDIUM	CVE-2024-6838	MLflow: unconstrained input causes UI denial of service	mlflow	5.3
HIGH	CVE-2024-8859	MLflow: path traversal allows arbitrary file read via DBFS	mlflow	7.5
HIGH	CVE-2025-0453	MLflow: GraphQL DoS disables ML tracking server	mlflow	7.5
HIGH	CVE-2025-1473	MLflow: CSRF in signup allows rogue account creation	mlflow	7.1
MEDIUM	CVE-2025-1474	MLflow: passwordless accounts enable persistent backdoor	mlflow	5.5
MEDIUM	CVE-2025-52967	MLflow: unauthenticated SSRF in gateway proxy	mlflow	5.8
CRITICAL	CVE-2025-11200	mlflow: security flaw enables exploitation	mlflow	9.8
CRITICAL	CVE-2025-11201	mlflow: Path Traversal enables file access	mlflow	9.8
HIGH	CVE-2025-14279	mlflow: security flaw enables exploitation	mlflow	8.1
HIGH	CVE-2025-10279	mlflow: security flaw enables exploitation	mlflow	7.0
MEDIUM	CVE-2023-2800	Transformers: temp file race condition allows local DoS	transformers	4.7
HIGH	CVE-2023-6730	HuggingFace Transformers: RCE via unsafe deserialization	transformers	8.8
HIGH	CVE-2023-7018	Transformers: unsafe deserialization enables RCE on load	transformers	7.8
CRITICAL	CVE-2024-3568	HuggingFace Transformers: RCE via pickle deserialization	transformers	9.6
UNKNOWN	CVE-2024-3924	text-generation-inference: workflow injection RCE		-
HIGH	CVE-2025-24357	vLLM: unsafe deserialization RCE via model loading	vllm	8.8
HIGH	CVE-2024-12720	Transformers: ReDoS in Nougat tokenizer causes DoS	transformers	7.5

Page 32 of 61

Previous Next

Related AI Components

API Agent Model Inference Training Data RAG

Framework

Related AI Components

Weekly CISO Take + top threats